Study of Outdated Cryptography Algorithms Posts of Stack Overflow
General material designation
[Thesis]
Name of first author
Kharche, Shraddha
Names of other contributors
Narain, Sashank
Publication, distribution, etc.
Name of publisher, distributor, etc.
University of Massachusetts Lowell
Date of publication, distribution, etc.
2021
General note
Text of note
48 p.
Thesis notes
Thesis details and type of degree
M.S.
Body granting the degree
University of Massachusetts Lowell
Date of degree
2021
Summary or abstract notes
Text of note
There are many online forums where software developers take part in technical discussions, and one of the most popular is Stack Overflow. Although these forums help developers get past hurdles in their development process, many recent studies have shown that copying insecure code from these online forums is the leading cause of software vulnerabilities in applications. Even today, there are a number of posts on Stack Overflow that mention outdated algorithms like AES/ECB, and they are still being viewed and upvoted by users. Stack Overflow is a completely user-driven platform and does not provide any mechanism to alert users about the vulnerabilities associated with such algorithms. These problems motivate us to study the Stack Overflow posts that reference outdated cryptography algorithms, and to focus on answering two questions: Is it feasible to build a system that identifies weak cryptographic algorithms or hashing functions and alerts users? If a question contains weak cryptographic algorithms, do responders alert the users or do they simply focus on providing a working solution? To answer these, we designed and developed an m-ary tree with a list of the encryption algorithms and hashing functions available. We identified cryptographic algorithm keywords in post text and traversed the tree, where the tree leaves indicate whether a potential warning is needed. We applied this process to both the questions and the answers of posts to analyze whether the question and answers correlate, by verifying whether they traverse the same tree path. We ran our system against 6 million Stack Overflow posts, which included 5169 cryptography-related posts. We successfully found several posts in which both questions and answers refer to outdated algorithms and which do not have any warnings from responders.
Uncontrolled subject terms
Subject term
Applied mathematics
Subject term
Computer engineering
Subject term
Computer science
Subject term
Information technology
Subject term
Web studies
Personal name as main entry - (primary intellectual responsibility)